On Wed, 7 Jan 2004, Giulio Cervera wrote:
this is the full acl, i have also attached the full config
Try using half_closed_clients off
Regards
Henrik
Oops ... sorry ... I have wrong cut & paste, I need more holiday :( the previous msg leak some part of config this is full (verified), and half_closed_clients is already off
Do you think this acl is too big for our target ( ~200Reqs/sec ) ?
Thanks and sorry again
http_port 8080
icp_port 3130
cache_peer 194.218.2.8 parent 8080 0 proxy-only no-query no-digest
cache_peer 194.218.2.20 parent 8080 0 proxy-only no-query no-digest
cache_peer 10.253.16.1 sibling 8080 3130 proxy-only
cache_peer 10.253.16.2 sibling 8080 3130 proxy-only
cache_peer 10.253.16.3 sibling 8080 3130 proxy-only
#cache_peer 10.253.16.4 sibling 8080 3130 proxy-only
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 64 MB
cache_swap_low 85
cache_swap_high 90
maximum_object_size 65536 KB
maximum_object_size_in_memory 24 KB
ipcache_size 2048
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
cache_dir diskd /var/cache/spool/0 28000 96 256 Q1=72 Q2=64
cache_dir diskd /var/cache/spool/1 28000 96 256 Q1=72 Q2=64
cache_dir diskd /var/cache/spool/2 28000 96 256 Q1=72 Q2=64
cache_access_log /var/cache/log/access.log
cache_log /var/cache/log/cache.log
cache_store_log none
log_ip_on_direct on
pid_filename /var/cache/run/cache.pid
ftp_user [EMAIL PROTECTED]
dns_timeout 1 minutes
hosts_file none
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
quick_abort_min 0 KB
quick_abort_max 0 KB
positive_dns_ttl 1 hours
range_offset_limit 0 KB
read_timeout 10 minutes
half_closed_clients off
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Tunnel_ports port 443-499
acl Tunnel_no_src src 10.253.0.0/16
acl Tunnel_method method CONNECT
acl Safe_ports port 80 # http
acl Safe_ports port 81 # http 2
acl Safe_ports port 21 # ftp
acl Safe_ports port 443-499 # https
acl Safe_ports port 1025-65535 # unregistered ports
acl clients src 10.0.0.0/8
acl clients src 172.16.0.0/12
acl clients src 192.168.0.0/16
acl clients src 194.218.0.0/19
acl locallan dst 10.253.0.0/16
acl locallan dst 194.218.2.0/23
acl proxylan dst 10.253.16.0/27
acl allowed_peer src 10.253.16.1
acl allowed_peer src 10.253.16.2
acl allowed_peer src 10.253.16.3
acl allowed_peer src 10.253.16.4
acl siteallow_url url_regex -i ^.{3,4}://.*\.public\.rupa\.it
acl siteallow_dst dst 194.218.2.160/27
acl siteallow_dst dst 10.253.64.0/24
acl siteallow_dst dst 10.253.16.0/27
acl dangurl urlpath_regex -i \.id[aq]\?.{100,} # CodeRED
acl dangurl urlpath_regex -i /readme\.(eml|nws|exe) # NIMDA
acl mgmtlan src 10.253.0.0/23
acl FTP proto FTP
acl SITIRUPA dst 194.218.0.0/19
acl SITIRUPA dst 10.0.0.0/8
acl SITIRUPA dst 172.16.0.0/16
acl LLPPProxy src 10.136.1.206
acl LLPPsicoge dst 194.218.14.15
#SNMP ACL
acl SNMPallow src 127.0.0.1/32
acl SNMPallow src 10.253.0.0/16
acl snmppublic snmp_community edsaipa
http_access allow allowed_peer
http_access allow manager localhost
http_access allow manager mgmtlan
http_access deny manager
http_access deny to_localhost
http_access deny !Safe_ports
http_access deny dangurl
http_access deny Tunnel_method Tunnel_no_src !Tunnel_ports
http_access allow siteallow_url
http_access allow siteallow_dst
http_access deny locallan
http_access allow LLPPsicoge LLPPProxy
http_access deny LLPPsicoge
http_access allow clients
http_access deny all
http_reply_access allow all
icp_access allow allowed_peer
icp_access deny all
cache_peer_access 194.218.2.8 allow FTP
cache_peer_access 194.218.2.20 allow SITIRUPA
cache_peer_access 194.218.2.20 deny all
cache_peer_access 10.253.16.1 deny SITIRUPA
cache_peer_access 10.253.16.1 allow all
cache_peer_access 10.253.16.2 deny SITIRUPA
cache_peer_access 10.253.16.2 allow all
cache_peer_access 10.253.16.3 deny SITIRUPA
cache_peer_access 10.253.16.3 allow all
cache_mgr [EMAIL PROTECTED]
visible_hostname caspy008.cgi.rupa.it
logfile_rotate 0
memory_pools_limit 50 MB
store_avg_object_size 25 KB
client_db off
buffered_logs off
always_direct allow proxylan
always_direct deny FTP
always_direct deny SITIRUPA
always_direct deny all
never_direct deny proxylan
never_direct allow SITIRUPA
snmp_port 3401
snmp_access allow snmppublic SNMPallow
snmp_access deny all
coredump_dir /var/cache
ignore_unknown_nameservers off
digest_rebuild_period 15 minute
digest_rewrite_period 15 minute
--
*Giulio Cervera*
EDS PA SpA Via Atanasio Soldati 80 00155 Roma (Italy) tel: +39 06 22739 270 fax: +39 06 22739 233 e-mail: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
